关联漏洞
标题:
Cisco IOS XE Software 安全漏洞
(CVE-2023-20198)
描述:Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。
介绍
# CVE-2023-20198
CVE-2023-20198 Checkscript based on:
- Technical analysis: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
- First script version: https://github.com/Atea-Redteam/CVE-2023-20198/
Thanks to Atea Redteam for their work.
Requires:
- Python3.7+
- Python libs: ipaddress, requests, subprocess, re, argparse
Different ways to launch the script:
- Scan a subnet with CIDR notation:
./CVE-2023-20198.py -c 172.16.0.0/8
- Scan a single IP address:
./CVE-2023-20198.py -a 172.16.0.254
- Scan multiple IP addresses included into a file:
./CVE-2023-20198.py -f ips.txt
IPs with status code 200, suspicious length, and malicious impant confirmed:
['172.16.0.254']
IPs with status code 200, but doesn't seems to be pwned:
[]
Results will be added into results.csv as well.
文件快照
[4.0K] /data/pocs/6b3a28f17f7c417aee3fe5df7a9be061de8d6ed2
├── [5.0K] CVE-2023-20198.py
├── [3.6K] CVE-2023-20198-Scan.zip
├── [ 0] ips.txt
├── [4.0K] logs
│ ├── [1.3K] logging.py
│ └── [ 0] processed_ips.log
├── [ 819] README.md
└── [ 10] results.csv
1 directory, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。